fix: add .npmrc tests, fix pre-finalize.cmd ERRORLEVEL handling, remove accidentally committed .codeql-version

Copilot · data-douser · web-flow · commit 5fda254ec732 · 2026-03-30T02:25:11.000Z
Agent-Logs-Url: https://github.com/advanced-security/codeql-sap-js/sessions/8906d85d-2830-47c2-b48a-447b735a4538 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
diff --git a/extractors/cds/tools/test/src/packageManager/cacheInstaller.test.ts b/extractors/cds/tools/test/src/packageManager/cacheInstaller.test.ts
@@ -3,13 +3,18 @@ import * as fs from 'fs';
 import * as path from 'path';
 
 import { CdsDependencyGraph, CdsProject } from '../../../src/cds/parser/types';
-import { cacheInstallDependencies } from '../../../src/packageManager';
+import {
+  cacheInstallDependencies,
+  copyNpmrcToCache,
+  findNearestNpmrc,
+} from '../../../src/packageManager';
 
 // Mock dependencies
 jest.mock('fs', () => ({
+  copyFileSync: jest.fn(),
   existsSync: jest.fn(),
-  readFileSync: jest.fn(),
   mkdirSync: jest.fn(),
+  readFileSync: jest.fn(),
   writeFileSync: jest.fn(),
 }));
 
@@ -638,4 +643,171 @@ describe('installer', () => {
       expect(result.size).toBe(0);
     });
   });
+
+  describe('findNearestNpmrc', () => {
+    beforeEach(() => {
+      // Use actual path.dirname so the directory-walking loop works correctly
+      (path.dirname as jest.Mock).mockImplementation(jest.requireActual('path').dirname);
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+    });
+
+    it('should return the .npmrc path when it exists in the start directory', () => {
+      (path.resolve as jest.Mock).mockReturnValue('/project/src');
+      (fs.existsSync as jest.Mock).mockImplementation((p: string) => p === '/project/src/.npmrc');
+
+      const result = findNearestNpmrc('/project/src');
+
+      expect(result).toBe('/project/src/.npmrc');
+    });
+
+    it('should return the .npmrc path when it exists in a parent directory', () => {
+      (path.resolve as jest.Mock).mockReturnValue('/project/src');
+      (fs.existsSync as jest.Mock).mockImplementation((p: string) => p === '/project/.npmrc');
+
+      const result = findNearestNpmrc('/project/src');
+
+      expect(result).toBe('/project/.npmrc');
+    });
+
+    it('should return undefined when no .npmrc exists in the directory tree', () => {
+      (path.resolve as jest.Mock).mockReturnValue('/project/src');
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      const result = findNearestNpmrc('/project/src');
+
+      expect(result).toBeUndefined();
+    });
+  });
+
+  describe('copyNpmrcToCache', () => {
+    beforeEach(() => {
+      (path.dirname as jest.Mock).mockImplementation(jest.requireActual('path').dirname);
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+      (fs.copyFileSync as jest.Mock).mockReturnValue(undefined);
+    });
+
+    it('should copy .npmrc to the cache directory when found', () => {
+      (path.resolve as jest.Mock).mockReturnValue('/project');
+      (fs.existsSync as jest.Mock).mockImplementation((p: string) => p === '/project/.npmrc');
+
+      copyNpmrcToCache('/cache/dir', '/project');
+
+      expect(fs.copyFileSync).toHaveBeenCalledWith('/project/.npmrc', '/cache/dir/.npmrc');
+    });
+
+    it('should do nothing when no .npmrc is found', () => {
+      (path.resolve as jest.Mock).mockReturnValue('/project');
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      copyNpmrcToCache('/cache/dir', '/project');
+
+      expect(fs.copyFileSync).not.toHaveBeenCalled();
+    });
+
+    it('should log a warning and not throw when copyFileSync fails', () => {
+      (path.resolve as jest.Mock).mockReturnValue('/project');
+      (fs.existsSync as jest.Mock).mockImplementation((p: string) => p === '/project/.npmrc');
+      (fs.copyFileSync as jest.Mock).mockImplementation(() => {
+        throw new Error('Permission denied');
+      });
+
+      expect(() => copyNpmrcToCache('/cache/dir', '/project')).not.toThrow();
+    });
+  });
+
+  describe('cacheInstallDependencies .npmrc propagation', () => {
+    beforeEach(() => {
+      (path.dirname as jest.Mock).mockImplementation(jest.requireActual('path').dirname);
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+      (fs.mkdirSync as jest.Mock).mockReturnValue(undefined);
+      (fs.writeFileSync as jest.Mock).mockReturnValue(undefined);
+      (fs.copyFileSync as jest.Mock).mockReturnValue(undefined);
+      (childProcess.execFileSync as jest.Mock).mockReturnValue('');
+
+      const mockResolveCdsVersions = jest.mocked(
+        jest.requireMock('../../../src/packageManager/versionResolver').resolveCdsVersions,
+      );
+      mockResolveCdsVersions.mockReturnValue({
+        resolvedCdsVersion: '6.1.3',
+        resolvedCdsDkVersion: '6.0.0',
+        cdsExactMatch: true,
+        cdsDkExactMatch: true,
+      });
+    });
+
+    it('should copy .npmrc to the cache directory before running npm install', () => {
+      // Simulate an .npmrc in the project directory
+      (fs.existsSync as jest.Mock).mockImplementation(
+        (p: string) => p === '/source/project1/.npmrc',
+      );
+
+      const dependencyGraph = createMockDependencyGraph([
+        {
+          projectDir: 'project1',
+          packageJson: {
+            name: 'project1',
+            dependencies: { '@sap/cds': '6.1.3' },
+            devDependencies: { '@sap/cds-dk': '6.0.0' },
+          },
+        },
+      ]);
+
+      cacheInstallDependencies(dependencyGraph, '/source', '/codeql');
+
+      expect(fs.copyFileSync).toHaveBeenCalledWith(
+        '/source/project1/.npmrc',
+        expect.stringContaining('.npmrc'),
+      );
+    });
+
+    it('should succeed even when .npmrc copy fails', () => {
+      // Simulate an .npmrc in the project directory
+      (fs.existsSync as jest.Mock).mockImplementation(
+        (p: string) => p === '/source/project1/.npmrc',
+      );
+      (fs.copyFileSync as jest.Mock).mockImplementation(() => {
+        throw new Error('Permission denied');
+      });
+
+      const dependencyGraph = createMockDependencyGraph([
+        {
+          projectDir: 'project1',
+          packageJson: {
+            name: 'project1',
+            dependencies: { '@sap/cds': '6.1.3' },
+            devDependencies: { '@sap/cds-dk': '6.0.0' },
+          },
+        },
+      ]);
+
+      // Should not throw and should still attempt npm install
+      const result = cacheInstallDependencies(dependencyGraph, '/source', '/codeql');
+
+      expect(childProcess.execFileSync).toHaveBeenCalledWith(
+        'npm',
+        ['install', '--quiet', '--no-audit', '--no-fund'],
+        expect.any(Object),
+      );
+      expect(result.size).toBe(1);
+    });
+
+    it('should not copy .npmrc when no .npmrc file is found', () => {
+      (fs.existsSync as jest.Mock).mockReturnValue(false);
+
+      const dependencyGraph = createMockDependencyGraph([
+        {
+          projectDir: 'project1',
+          packageJson: {
+            name: 'project1',
+            dependencies: { '@sap/cds': '6.1.3' },
+            devDependencies: { '@sap/cds-dk': '6.0.0' },
+          },
+        },
+      ]);
+
+      cacheInstallDependencies(dependencyGraph, '/source', '/codeql');
+
+      expect(fs.copyFileSync).not.toHaveBeenCalled();
+    });
+  });
 });
diff --git a/extractors/javascript/tools/pre-finalize.cmd b/extractors/javascript/tools/pre-finalize.cmd
@@ -12,6 +12,11 @@ if not defined CODEQL_EXTRACTOR_CDS_SKIP_EXTRACTION (
         -- ^
         "%CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE%"
 
+    if %ERRORLEVEL% neq 0 (
+        echo database index-files for CDS (.cds) files failed with exit code %ERRORLEVEL%.
+        exit /b %ERRORLEVEL%
+    )
+
     echo Finished running database index-files for CDS (.cds) files.
 )
 
@@ -27,6 +32,11 @@ type NUL && "%CODEQL_DIST%\codeql.exe" database index-files ^
     -- ^
     "%CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE%"
 
+if %ERRORLEVEL% neq 0 (
+    echo database index-files for UI5 (.view.xml and .fragment.xml) files failed with exit code %ERRORLEVEL%.
+    exit /b %ERRORLEVEL%
+)
+
 echo Finished running database index-files for UI5 (.view.xml and .fragment.xml) files.
 
 REM UI5 also requires *.view.json files and *.view.html files be indexed, but these are indexed by
@@ -35,4 +45,4 @@ REM default by CodeQL.
 REM XSJS also requires indexing of *.xsaccess files, *.xsjs files and xs-app.json files, but these
 REM are indexed by default by CodeQL.
 
-exit /b %ERRORLEVEL%
+exit /b 0
